2016-12-16 14:57:44 +03:00
<?xml version="1.0"?>
<!-- * - nxml - * -->
2019-03-14 16:40:58 +03:00
< !DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
2020-11-09 07:23:58 +03:00
<!-- SPDX - License - Identifier: LGPL - 2.1 - or - later -->
2016-12-16 14:57:44 +03:00
<refentry id= "systemd-veritysetup@.service" conditional= 'HAVE_LIBCRYPTSETUP' >
<refentryinfo >
<title > systemd-veritysetup@.service</title>
<productname > systemd</productname>
</refentryinfo>
<refmeta >
<refentrytitle > systemd-veritysetup@.service</refentrytitle>
<manvolnum > 8</manvolnum>
</refmeta>
<refnamediv >
<refname > systemd-veritysetup@.service</refname>
<refname > systemd-veritysetup</refname>
2021-10-13 22:18:12 +03:00
<refpurpose > Disk verity protection logic</refpurpose>
2016-12-16 14:57:44 +03:00
</refnamediv>
<refsynopsisdiv >
<para > <filename > systemd-veritysetup@.service</filename> </para>
<para > <filename > /usr/lib/systemd/systemd-veritysetup</filename> </para>
</refsynopsisdiv>
<refsect1 >
<title > Description</title>
2021-10-13 22:18:12 +03:00
<para > <filename > systemd-veritysetup@.service</filename> is a service responsible for setting up verity
protection block devices. It should be instantiated for each device that requires verity
2016-12-16 14:57:44 +03:00
protection.</para>
<para > At early boot and when the system manager configuration is reloaded kernel command line configuration for
2021-10-13 22:18:12 +03:00
verity protected block devices is translated into <filename > systemd-veritysetup@.service</filename> units by
2016-12-16 14:57:44 +03:00
<citerefentry > <refentrytitle > systemd-veritysetup-generator</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> .</para>
2021-07-31 10:16:52 +03:00
<para > <filename > systemd-veritysetup@.service</filename> calls <command > systemd-veritysetup</command> .</para>
</refsect1>
<refsect1 >
<title > Commands</title>
<para > The following commands are understood by <command > systemd-veritysetup</command> :</para>
<variablelist >
<varlistentry >
<term >
<option > attach</option>
<replaceable > volume</replaceable>
<replaceable > datadevice</replaceable>
<replaceable > hashdevice</replaceable>
<replaceable > roothash</replaceable>
[<replaceable > option</replaceable> ...]
</term>
<listitem > <para > Create a block device <replaceable > volume</replaceable> using
<replaceable > datadevice</replaceable> and <replaceable > hashdevice</replaceable> as the backing
devices. <replaceable > roothash</replaceable> forms the root of the tree of hashes stored on
<replaceable > hashdevice</replaceable> . See
<ulink url= "https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html" >
Kernel dm-verity</ulink> documentation for details.
</para> </listitem>
</varlistentry>
<varlistentry >
<term >
<option > detach</option>
<replaceable > volume</replaceable>
</term>
<listitem > <para > Detach (destroy) the block device
<replaceable > volume</replaceable> .</para> </listitem>
</varlistentry>
<varlistentry >
<term >
<option > help</option>
</term>
<listitem > <para > Print short information about command syntax.</para> </listitem>
</varlistentry>
</variablelist>
2016-12-16 14:57:44 +03:00
</refsect1>
<refsect1 >
<title > See Also</title>
<para >
<citerefentry > <refentrytitle > systemd</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd-veritysetup-generator</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
<citerefentry project= 'die-net' > <refentrytitle > veritysetup</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
</para>
</refsect1>
</refentry>